Sunday, December 12, 2021

4 Golden Keys To Keep Your Cyber Attack Surface Small

 


In the world of Cybersecurity today, everybody basically throws in their two cents of advice on what to do.  Heck, even I do it.  You hear it all, from calculating your levels of Cyber Risk and Resiliency, to figuring out how good your Cyber Hygiene is, how to best implement controls, the top 5 best practices for this and that, blah, blah, blah. 

But the one thing you don’t typically hear about is how wide your attack surface actually is.

What is it exactly, you may be asking?  It can be technically defined as follows:

“The attack surface is the number of all possible points, or attack vectors, where an unauthorized user can access a system and extract data. The smaller the attack surface, the easier it is to protect. Organizations must constantly monitor their attack surface to identify and block potential threats as quickly as possible. They also must try and minimize the attack surface area to reduce the risk of cyberattacks succeeding. However, doing so becomes difficult as they expand their digital footprint and embrace new technologies.”

(SOURCE:  https://www.fortinet.com/resources/cyberglossary/attack-surface).

So as you can see from the definition, your attack surface is pretty much your entire IT/Network Infrastructure, and all of the weak spots in them.  Yes, even those points that are fortified can still be considered as part of the Attack Surface, because a good Cyberattacker can always find a way in. 

An example of this is an On Prem Infrastructure.  All of the servers, workstations, devices, as well as physical and digital assets are the Attack Surface. 

So imagine your entire office, and there you have it.  But now that the Cloud has taken hold of Corporate America, the Attack Surface becomes much murkier.  For example, just because you have a dedicated Private Cloud does not mean that it is your total surface. 

You probably have shared resources with other Cloud tenants that you don’t even know about, and if something happens to them, it could also roll over to your deployments as well.

For example, even with your own Cloud Deployment, you will be moving all kinds of resources and workloads around.  Heck, you may even store all of your Virtual Machines (VMs) in different data centers dispersed throughout the world.  While the purpose of doing this is primarily for redundancy, it technically also increases the Attack Surface. 

Now that the Remote Workforce will be with us for quite some time to come, this too has greatly expanded the Attack Surface.  For instance, you no longer have employees just working from one central location; they are now all over, working from who knows where.

Heck, even the improper testing of source code in a Web Application before it is released to a customer can also expand the Attack Surface.  For instance, many software developers use untested and outdated APIs to build the code, and it still does not get tested. 

The Cyberattacker is fully aware of this as well, and this is a key area in which they can inject a malicious payload for subsequent attacks, after the app is handed off to the client.

Another catalyst for the expansion of the Attack Surface is the sheer deployment of a massive amount of security tools and technologies, without strategically deploying them.  As I have written before, this all goes back to the old proverbial statement that there is “Safety In Numbers”.  Many CISOs believed this before COVID19 hit, but now they are realizing that this is actually a huge mistake, and are scaling back, if they still maintain an On Prem Infrastructure.

OK, now that you have some idea of what an Attack Surface actually is, how do you go about either making sure that it does not expand too much further, or if you have to expand it, how do you protect that expansion?  Here are some key tips:

1)     Get a good view of it:

Probably the best way to keep track of just how big or small your Attack Surface actually is, is to simply map it out.  Now of course, this can be a time consuming and laborious process if you still have an On Prem Infrastructure.  But if you have a Cloud deployment, especially with Microsoft Azure, you have the tools already in your account to map it out, in just a matter of minutes.  Best of all, as you move or add resources around your Private Cloud, or even move them to different data centers worldwide, this map will be updated for you on a real time basis.  No more work is needed on your end.

2)     Keep an inventory of what you have:

When one thinks of this, the notion of using Excel spreadsheets often comes to mind.  But forget this approach (unless once again, you have an On Prem Infrastructure).  Once again with Azure, you have the tools to keep an updated list of all of the resources that you have at that moment in time.  Heck, you can even load up a list with all of the resources that have been taken out as well. Also, this is updated in real time. 

3)     Make use of dashboards:

Along with Azure, I think that AWS also offers dashboards and SIEMs as well.  The idea of these tools is to give you a centralized view, in one place, of all that is happening to your Private Cloud.  It is important that you make good use of these tools, as they are provided as part of the entire package that you are paying for.  Not only will you be able to get a holistic view of your Cloud Infrastructure, but you can also see the threats that are lurking out there, and even see all of the network connections that you have.  Thus, with these kinds of tools, your IT Security team should be able to cultivate a proactive mindset, which is so important when trying to keep your Attack Surface as small as possible.
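To make tips 1 and 2 concrete, here is an added example (not from the original post and not an Azure tool) that compares two inventory snapshots and reports what was added, what was taken out, which new regions are in use, and which additions are internet-facing. It assumes each record carries the `id`, `name`, `type` and `location` fields that `az resource list --output json` reports; the sample data, the `EXPOSED_TYPES` list and the function names are constructed for illustration.

```python
"""Diff two resource-inventory snapshots to show how the attack surface changed."""

# Placeholder subscription and resource group (constructed, not real).
PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000"
          "/resourceGroups/rg-demo/providers/")

def res(rtype, name, location):
    # One record with the per-resource fields `az resource list` reports.
    return {"id": f"{PREFIX}{rtype}/{name}", "name": name,
            "type": rtype, "location": location}

# Constructed sample snapshots: "yesterday" and "today".
SNAPSHOT_OLD = [
    res("Microsoft.Compute/virtualMachines", "vm-web-01", "eastus"),
    res("Microsoft.Storage/storageAccounts", "stlogs01", "eastus"),
    res("Microsoft.Compute/virtualMachines", "vm-legacy", "eastus"),
]
SNAPSHOT_NEW = [
    res("Microsoft.Compute/virtualMachines", "VM-WEB-01", "eastus"),  # same VM, other case
    res("Microsoft.Storage/storageAccounts", "stlogs01", "eastus"),
    res("Microsoft.Compute/virtualMachines", "vm-web-02", "westeurope"),
    res("Microsoft.Network/publicIPAddresses", "pip-web-02", "westeurope"),
]

# Illustrative (not exhaustive) resource types that add an internet-facing entry point.
EXPOSED_TYPES = {"microsoft.network/publicipaddresses",
                 "microsoft.network/applicationgateways"}

def diff_inventory(old, new):
    # Azure resource IDs are case-insensitive, so compare them lower-cased.
    old_ix = {r["id"].lower(): r for r in old}
    new_ix = {r["id"].lower(): r for r in new}
    added = [new_ix[i] for i in sorted(new_ix.keys() - old_ix.keys())]
    removed = [old_ix[i] for i in sorted(old_ix.keys() - new_ix.keys())]
    return {
        "added": [r["name"] for r in added],
        "removed": [r["name"] for r in removed],
        # Regions in use today that were not in use before (wider footprint).
        "new_regions": sorted({r["location"] for r in new} - {r["location"] for r in old}),
        # Newly added resources that are reachable from the internet by design.
        "exposed_added": [r["name"] for r in added if r["type"].lower() in EXPOSED_TYPES],
    }

if __name__ == "__main__":
    for key, value in diff_inventory(SNAPSHOT_OLD, SNAPSHOT_NEW).items():
        print(f"{key}: {value}")
```

Run on a schedule against saved snapshots, a non-empty `exposed_added` or `new_regions` is the signal that the surface grew and someone should confirm it was intended.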

My Thoughts On This

Based upon the tips I just gave you, your first thoughts are that I am simply pushing the need to go to the Cloud.  But actually I am not.  Yes, the Cloud has its advantages as well as disadvantages (especially when it comes to data leakages), and in fact I know of many SMBs who have still opted to maintain their On Premises Infrastructure.

But by migrating to something like Microsoft Azure, once again, you already have the tools in place to help you understand the depth of your Attack Surface in just a matter of minutes, as opposed to doing this on a manual basis.  These minutes become absolutely critical, especially when dealing with today’s Cyber threat landscape.

Also keep in mind that yet another driver for the growth of the Attack Surface is the Internet of Things, also known as the “IoT” for short.  This is where all of the objects that we interact with in both the physical and virtual worlds are interconnected together. So keep this in mind if you are planning to implement IoT based devices for your company.
